Cloud Engineer III-SOC Analyst

Gurugram Gurgaon HR, IN

Requisition Number: 96104 

Job Title: Cloud Engineer III – SOC Analyst

About Insight:

Founded in 1998, Insight is headquartered in Chandler, Arizona, USA and has more than 13,000+ teammates worldwide, with a global presence in Canada, the United Kingdom, Germany, Australia, India, Singapore and many more countries. With offices in the prime locations of Gurgaon and Bangalore, we have 1,000+ teammates operating from India.

As a Fortune 500-ranked global provider of Digital Innovation, Cloud Data Center Transformation and Supply Chain Optimization solutions and services, we help clients successfully manage their IT today while transforming for tomorrow, and we are recognized for our excellence.

About the team

We provide Security L1/L2/L3/Engineering support for Identity, Network, App Security and Email Security based on Microsoft, Zscaler, Cisco and other ISV tools, following a cloud security model that provides organizations with a range of security solutions and services. This service model is designed to help organizations protect their networks, systems and data from a variety of security threats, such as cyberattacks, data breaches and unauthorized access.

Scope and requirements:

  • The scope of the Security Engineering Support and SOC/CFC services defined here is based on the monitoring, management and optimization of Security Services within the client's environment.
  • All Security Engineering Support and SOC/CFC services defined here are delivered in English for verbal and written communication.
  • All Security Engineering Support and SOC/CFC services defined here are delivered on a 24x7x365 basis.
  • The Security Engineering Support and SOC/CFC services defined here are delivered remotely using Insight's Global Delivery Network, which includes personnel in India, North America, Europe and the Asia Pacific region.
  • Minimum 4-5 years' experience.
  • Skills: cyber threat analysis with EDR (Carbon Black); SIEM tools (Splunk, ELK, IBM QRadar, Azure Sentinel); familiarity with cloud environments; security tools such as anti-virus (McAfee ePO); host-based forensics on Windows (Eric Zimmerman tools, KAPE for artifact collection); behaviour-based malware analysis; ticketing and reporting tools (Archer, ServiceNow); Python for simple scripts; log analysis; basics of network penetration testing; Wireshark; endpoint security, network security and threat analysis; Palo Alto.

Responsibilities:

  • Monitor and analyze data flow to identify, block and remediate malicious behavior or files on the infected host using EDR tools.
  • Conduct forensic analysis, scaled to the criticality of the incident, to establish the root cause.
  • Research and recommend solutions for incident response and coordinate with internal teams (IT, Engineering, Audit/Compliance, HR/Legal, threat intelligence team) to eradicate the threat.
  • Proactively hunt for suspicious activities and processes on the Windows platform using the EDR tool's analysis and hunting capabilities.
  • Apply advanced prevention capabilities such as custom whitelisting, custom blacklisting, malware blocking, exploit blocking and Indicator of Attack (IOA)-based prevention.
  • Provide suggestions for fine-tuning and optimizing existing SIEM rules and SOAR processes to improve detection accuracy and reduce false-positive alerts.
  • Conduct analysis for cyber investigations into ransomware, network intrusion incident response and Business E-Mail Compromise.
  • Actively participate in large-scope, high-impact cyber breaches and assist in the management of investigative workflows and activities to support response and remediation.
  • Utilize industry-standard, open-source and self-developed tools to execute large-scale investigations.
  • Draft communications, assessments and reports, both internal and customer-facing, including for leadership and executive management.
  • Focus on real-time monitoring and analysis of logs from various security appliances.
  • Hands-on experience with SIEM tools (QRadar, Azure Sentinel), Microsoft 365 and forensics for log monitoring and analysis.
  • Knowledge of networking concepts, including OSI layers, subnets, TCP/IP, ports, DNS, DHCP, firewall monitoring and content filtering.
  • Experience in handling and mitigating attacks related to malware, viruses, spoofing and phishing, and in email monitoring.
  • Carry out log monitoring and incident analysis for devices such as endpoints, firewalls, IDS, IPS, databases and web servers.

Qualification:

  • Education: B.E/B.Tech/Graduate

Insight is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or any other characteristic protected by law.

Insight India Location: Level 16, Tower B, Building No 14, DLF Cyber City IT/ITeS SEZ, Sector 24 & 25A, Gurugram (Gurgaon), Haryana 122002, India
